Cybercrime and Identity Theft

In an emergency, call 911.

What is ID theft?

Identity theft is the fastest growing crime in the U.S. and abroad. It typically involves the theft of personal information — such as a person’s full name, date of birth, Social Security number, or banking information — which can be used to commit fraud.

How can identity thieves get my information?

  • Going through your mail
  • Rummaging through your trash
  • Stealing your wallet, credit cards, and ID
  • Hacking into your devices
  • Collecting your information through fraudulent scams

How can I reduce my risk of becoming a victim of ID theft?

  • Keep your personal information in a secure location
  • Shred documents containing personal information
  • Protect your mail
  • Cancel unused credit cards
  • Review your credit report annually
  • Never respond to email from strangers
  • Don’t download suspicious files or click on links to unfamiliar websites
  • Don’t send sensitive personal information over the internet
  • Don’t store financial information on your computer

I’m a victim of a major data breach. What should I do to prevent fake accounts from being opened in my name?

Contact your credit bureaus to place a fraud alert on your accounts and request a security freeze. A fraud alert requires the credit bureaus to contact you before a lender tries to open an account in your name, and a security freeze prevents them from sharing your information with anyone who may be requesting it without your knowledge.

What Is “SIM Swapping?”

“SIM swapping” is a form of identity theft which is growing increasingly more common, in which a thief transfers a victim’s phone number to a phone owned by the thief. Once the phone number has been transferred to the thief’s phone, that person can then receive or place calls and send text messages using the stolen number. He or she can then circumvent text-based two-factor authentication security measures and intercept text messages containing security codes needed to reset passwords and access the victim’s online accounts. SIM swapping schemes also regularly target individuals who are known to be active in cryptocurrency, due in part to the inherent difficulty in tracking the movement of cryptocurrency and determining ownership of cryptocurrency wallets.

How can I reduce my risk of becoming a victim of SIM Swapping?

  • Be mindful of publicizing personal details that could be used to impersonate you or bypass security questions, including curating what you post on social media.
    • More secure alternatives include hardware tokens, authenticator apps that generate private codes (such as Google Authenticator or RSA SecureID), and push-based authentication.
  • Avoid using SMS/text messaged-based two-factor (2FA) authentication on your accounts.
  • Call your cell phone service provider and request that extra security features be placed on your account, such as a PIN code or additional authorizations.

What should I do if I’m a victim of SIM Swapping?

  • Contact your cell phone service provider immediately, as well as any online account provider that was affected.
  • Reset passwords on all of your online accounts and log out of all active sessions.
  • Once the accounts are secured, it is important to call law enforcement as soon as possible.
    • If you are a resident of Manhattan or use accounts with Manhattan-based institutions, call our office’s Cyber Crime & Identity Theft Bureau at 212-335-9600.

How can I secure my cryptocurrency?

  • Store cryptocurrency in a cold storage wallet.
    • Wallets that are internet-connected or held with exchanges (“hot wallets”) are at greater risk of being compromised should you become a target.
  • Avoid keeping all of your cryptocurrency in a single wallet.
  • Use different, strong passwords on all of your accounts, and change them regularly.
  • Do not click on links sent by unknown sources, or links that came to you unsolicited.
  • Always ensure the websites that you are visiting are legitimate.
  • Make sure you know the steps to recovering compromised accounts, including recovery email accounts, security questions, and secondary recovery methods.
  • Do not make security questions information that someone can easily find out (e.g. your mother’s maiden name, or what school you went to).
  • Private keys and seed phrases should never be stored on any cloud-based accounts, or apps that back up to the cloud (such as iCloud or Google Drive).
    • Keep only physical copies of your private keys and seed phrases stored in a secure location.
  • Maintain multiple email accounts to avoid associating a single email address with multiple different financial institutions or crypto exchanges.